"Something like" Dual WAN

richardramirez · June 22, 2017, 7:00am

Hello every one,

i want to add another WAN (LTE) connection to my setup just like in a picture:
https://imgur.com/a/P6HWW#0hkpnEp

Right now all the traffic is routed through default route:

S>* 0.0.0.0/0 [210/0] via 192.168.1.1, eth3

and i am fine with this BUT for some reasons (mostly upload speed) i want to route some traffic (specific ports and/or hosts) through peth1 (LTE)

So i put lte router and peth1 in different subnet 192.168.8.0/24

pseudo-ethernet peth1 { address 192.168.8.11/24 link eth3 mode private }
created nat rules

nat { ... source { ... rule 18 { outbound-interface peth1 source { address 192.168.2.0/24 } translation { address masquerade } } } }

created table

protocols { static { ... table 18 { interface-route 0.0.0.0/0 { next-hop-interface peth1 { } } } } }

and finally policy

[code]policy {
…
route lte{
…
rule 18 {
destination {
address ab.cd.ef.gh
}

        set {
            table 18
        }
    }
}[/code]

and added policy to lan interface

ethernet eth1 { address 192.168.2.1/24 description lan duplex auto hw-id 9a:04:f2:00:ee:1b policy { route lte } speed auto }

if i commit this configuration i cannot reach host ab.cd.ef.gh form policy 18.

For me, this this should work but it isn’t. Maybe i shouldn’t use peth interface for this? I can add another physical interface to vyos router it it helps.

If i add

set protocols static route 0.0.0.0/0 next-hop 192.168.8.1

vyos puts all the traffic through lte.

Best regards

16again · June 27, 2017, 3:09pm

Adding a NIC (or use a separate VLAN) would be my 1st step.
As you can’t do next-hop-interface on eth interfaces, getting rid of DHCP on WAN interfaces and using static IP addresses would be my 2nd.

richardramirez · June 28, 2017, 7:29am

This whole thing is virtualised -but i can add another virtual adapter connected to physical interface.But I don’t think this might be a problem.

What are my options if i cant use “next-hop-interface” on eth or peth?
How can i define whats goes where in other way then tables and policies?
I use this method on openvpn tunnels to route some traffic through.

Best regards

16again · June 29, 2017, 8:36pm

An openvpn tunnel is a point to point interface, whereas Ethernet is point to multipoint.
Just use “next-hop address” instead.

The extra NIC can go in same LAN, and have 192.168.8.x address.

richardramirez · July 3, 2017, 7:39am

Yep, this solved my problem (caused by lack of the knowledge)
Thank you very much.